The sharp rise in whistleblowing complaints received by the Financial Conduct Authority (FCA) during the first quarter of the year reinforces how consumer duty is changing the culture of accountability across financial services.
According to the regulator, 355 whistleblowing reports were submitted in the first quarter, up from 281 in the same period last year and the fourth quarter of 2025. Crucially, consumer duty breaches generated the highest number of reports to date – with 210 complaints.
As we have long identified, consumer duty is more than just a regulatory framework focused on customer outcomes; it is increasingly a mechanism through which the industry polices itself.
For many years, enforcement in financial services has been viewed primarily as a responsibility of the regulator. Consumer duty has fundamentally changed the dynamic. Companies are not only expected to monitor their own behaviour, but must also identify bad practices within their distribution chains and address them where necessary.
When concerns are identified, companies are expected to work with partners to address deficiencies. If this fails, they are effectively required to escalate concerns to the Financial Conduct Authority (FCA). In practice, this creates a self-regulatory environment in which brokers, lenders and service providers are accountable not only for their behaviour, but also for the standards maintained by those they work with.
This latest data shows this in action as companies show their willingness to live up to their commitments and report concerns.
Although historically companies may have feared regulatory intervention above all else, consumer duty has changed things. Now, there are increasing reasons for companies to pay equal attention to how they are perceived by their peers and partners across the distribution chain and the broader market.
As we know, distribution relationships are a hallmark of this industry. In the current regulatory landscape, these relationships depend on trust in the ability of all parties to demonstrate good outcomes – as required by the consumer duty. This is especially true for vulnerable clients.
Within these arrangements, companies can no longer treat compliance as someone else’s problem. If poor customer outcomes emerge within the distribution chain, regulators are likely to wonder what other participants know, what oversight exists, and whether enough has been done to prevent the anticipated harm.
As a result, the focus is not just on compliance, but on proving compliance. Companies must proactively gather evidence to prove to their boards and regulators that their behavior leads to good outcomes for their customers – especially those with vulnerable characteristics. Simply saying so won’t cut the mustard, as companies need data to provide that evidence.
If companies later discover poor outcomes, it may be very difficult to retrospectively characterize customer vulnerabilities or customer needs from historical interactions. As a result, many companies now recognize the need to collect customer characteristics data at the point of sale – and monitor it throughout the product life cycle.
Doing so not only supports compliance with consumer duty, but also protects businesses should complaints arise in the future.
However, this remains a real stumbling block for many companies. Methods still rely heavily on front-line staff training and self-assessments that do not produce consistent results or the robust level of data required. Furthermore, the FCA recently flagged concerns about companies using purely reactive measures, whether they rely on customers to disclose their own vulnerabilities or on employees to identify problems only as they arise. This leads to huge gaps in identification.
It’s no secret that this is a big task for businesses, which is why regulators – and bodies like the Chartered Insurance Institute – continue to call for the adoption of technology. Doing so means businesses can adopt a more objective and consistent approach to assessing customer vulnerabilities, supported by digital systems capable of securely storing and analyzing data in line with GDPR requirements.
Digital systems are readily available to help companies prove customer characteristics, monitor results over time, and provide standardized reporting without unnecessarily sharing personal data. You could describe these systems as providing a credit score, but for vulnerability: top-level indicators – backed by extensive data on vulnerabilities – that can be confidently and securely shared across the distribution chain.
And with the recent joint call from the Financial Conduct Authority (FCA) and Initial Coin Offering (ICO) for companies to share vulnerability data, something like this is entirely possible.
These latest whistleblowing figures suggest that we are now in the next phase of consumer duty, where the responsibility for identifying and escalating bad practice falls firmly on the market itself. As much as companies say they are regulated by the Financial Conduct Authority, they are now increasingly regulated by each other.
Andrew Gething is Managing Director of MorganAsh
